PDF malware analysis — malicious · 47be897f6d37713a

MALICIOUS

PDF

121.7 KB

MD5: 8769012726c3f6bfb167ea1a825f1761 SHA-1: 4265ff3cab63d979cd2ce389b297c0bc4217c91f SHA-256: 47be897f6d37713a39f29640b9cb179abe3d7a64f4428c5e509feb7711bb4f23

68 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF file contains an XFA form, which is a known vector for exploitation. ClamAV detected this file as Pdf.Exploit.Dropped-78, indicating it's a dropper for further malicious payloads. An embedded URL was also found, likely used to download the secondary stage. The specific exploit mechanism is not detailed, but the presence of XFA and the ClamAV signature strongly suggest a malicious intent to exploit vulnerabilities and download additional malware.

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.